Know your client — and prove it. The foundation of every AML/CTF program under Tranche 2.
Client Due Diligence (CDD) is the process of identifying your clients, verifying their identity, and assessing the money laundering and terrorism financing (ML/TF) risk they represent to your practice. Under the AML/CTF Act 2006 (as amended by Tranche 2 reforms), accountants providing designated services must apply CDD to every client.
CDD is not a one-off exercise. AUSTRAC requires you to maintain up-to-date records on every client, reassess their risk profile at regular intervals, and apply enhanced scrutiny to higher-risk clients.
Designated services trigger CDD. If you provide a service covered by the AML/CTF Act — such as managing client funds, preparing for business transactions, or conveyancing — you must complete CDD before providing that service. No CDD, no service.
At a minimum, your CDD process must capture:
Money laundering frequently occurs through professional service providers — accountants are often unwitting intermediaries. Criminals use legitimate businesses to move and conceal illicit funds. AUSTRAC's position is that if you know your client and understand the nature of funds flowing through your practice, you are far less likely to be exploited.
Australia's AML/CTF framework is modelled on the Financial Action Task Force (FATF) recommendations, which Australia is legally obligated to follow as a member. Tranche 2 brings Australia into line with comparable jurisdictions including the UK, EU, Canada and New Zealand — all of which already require CDD from professional service providers.
FATF grey-listing risk. Australia has faced international pressure over its delayed Tranche 2 implementation. Non-compliance at a sector level risks Australia's standing with FATF, which has consequences for Australian businesses operating internationally.
Failing to complete and document CDD is not a technical oversight — it is a breach of the AML/CTF Act and carries serious consequences.
Civil penalties for failing to carry out CDD can be up to $22 million for corporations and $4.4 million for individuals per breach under the AML/CTF Act. Each client without adequate CDD documentation is a separate potential breach.
Beyond financial penalties, AUSTRAC can issue formal warnings, require enforceable undertakings, appoint external auditors at your cost, and refer matters to the Australian Federal Police. In serious cases, AUSTRAC has the power to cancel or suspend registration.
There is also professional liability exposure. If your practice facilitates money laundering — even unknowingly — because you failed to conduct adequate CDD, you may face action from your professional body (CPA Australia, CA ANZ, or the Law Society) in addition to AUSTRAC.
All client data is stored in your browser's local storage — it never leaves your device. You can export your full client register at any time to meet the 7-year record retention requirement under the AML/CTF Act.
SimpleAML's client risk profiler walks you through every step. No account needed — open it in your browser right now.